Exchange 2016 – Event ID 2080

If the Exchange System Attendant or the Exchange AD Topology service fails to start, check Event ID 2080.

When the Microsoft Exchange Active Directory Topology Service starts up, it queries DNS for SRV records to create a list of available and reachable Domain Controllers in both the local and remote Active Directory sites.

After the initial gathering of SRV data, MSExchange ADAccess Event ID 2080 is logged every 15 minutes. This event provides important details about the Active Directory servers available to Exchange.

From this event we can determine:

Server name: Indicates the name of the domain controller that the rest of the data in the row corresponds to.

Roles: The second column shows whether or not the particular server can be used as a configuration domain controller (column value C), a domain controller (column value D), or a global catalog server (column value G) for this particular Exchange server. A letter in this column means that the server can be used for the designated function, and a hyphen (-) means that the server cannot be used for that function. CDG means that the server can be used for all roles.

Enabled: Either 1 for yes or 0 for no. In this example, we see 1, so we know that the server is enabled.

Reachability: The fourth column shows whether the server is reachable by a Transmission Control Protocol (TCP) connection. The value is a set of bit flags combined with a bitwise OR. 0x1 means the server is reachable as a global catalog server (port 3268), 0x2 means the server is reachable as a domain controller (port 389), and 0x4 means the server is reachable as a configuration domain controller (port 389). In other words, if a server is reachable as a global catalog server and as a domain controller but not as a configuration domain controller, the value is 3. In the example shown above, the value 7 in the fourth column means that the server is reachable as a global catalog server, as a domain controller, and as a configuration domain controller (0x1 | 0x2 | 0x4 = 0x7).

Synchronized: The fifth column shows whether the “isSynchronized” flag on the rootDSE of the domain controller is set to TRUE. The value uses the same bit flags, combined with a bitwise OR, as the Reachability column. The ideal situation is that the values shown in the fourth and fifth columns match.

GC capable: The sixth column is a Boolean expression that states whether the domain controller is a global catalog server. The value (1) indicates that the server is a global catalog.

PDC: The seventh column is a Boolean expression that states whether the domain controller is a primary domain controller for its domain. The value (0) indicates that this is not true.

SACL right: The eighth column is a Boolean expression that states whether DSAccess has the correct permissions to read the SACL (part of the NTSecurityDescriptor) against that directory service. The value (1) means that this is true.

Critical Data: The ninth column is a Boolean expression that states whether DSAccess found this Exchange server in the configuration container of the domain controller listed in Server name column. The value (1) means that the server was found.

Netlogon Check: The tenth column states whether DSAccess successfully connected to a domain controller’s Net Logon service. This requires the use of Remote Procedure Call (RPC), and this call may fail for reasons other than a server that is down. For example, firewalls may block this call. So, if there is a 7 in the tenth column (as is the case here), it means that the Net Logon service check was successful for each role (domain controller, configuration domain controller, and global catalog).

OS Version: The eleventh column states whether the listed domain controller is running at least the minimum supported operating system. Exchange 2007 only uses domain controllers or global catalog servers that are running Windows 2003 SP1 or later. Exchange 2010 and 2013 support Windows 2003 SP2 or later, while Exchange 2016 supports Windows 2008 SP2 or later. A Boolean expression of 1 means the domain controller satisfied the operating system requirements for use by DSAccess.
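
The column meanings above can be applied mechanically. The following PowerShell is an added example, not code from the original article or from Microsoft: it decodes each server row and lists the columns that deviate from the healthy values described above. The function name ConvertFrom-Event2080 is hypothetical, the sample message is constructed, and the row layout (server name followed by the ten values in the order listed, separated by whitespace) is an assumption.

```powershell
# Added example: decode the server rows of an Event ID 2080 message.
# Assumed row layout: server name, then the ten columns in the order listed above.
function ConvertFrom-Event2080 {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Message)
    # Bit flags shared by the Reachability, Synchronized and Netlogon columns
    $flags  = [ordered]@{ GC = 0x1; DC = 0x2; ConfigDC = 0x4 }
    $decode = { param([int]$v) @($flags.Keys | Where-Object { $v -band $flags[$_] }) -join '|' }

    foreach ($line in ($Message -split "`r?`n")) {
        # name, three role characters (C, D, G or -), then nine integers
        if ($line -notmatch '^\s*(\S+)\s+([CDG-]{3})((?:\s+\d+){9})\s*$') { continue }
        $name  = $Matches[1]
        $roles = $Matches[2]
        $enabled, $reach, $sync, $gc, $pdc, $sacl, $crit, $netlogon, $os = [int[]](-split $Matches[3])

        $issues = @()
        if ($roles -ne 'CDG') { $issues += "not usable for every role ($roles)" }
        if (-not $enabled)    { $issues += 'server not enabled' }
        if ($reach -ne $sync) { $issues += "Synchronized ($sync) differs from Reachability ($reach)" }
        if (-not $sacl)       { $issues += 'no right to read the SACL' }
        if (-not $crit)       { $issues += 'Exchange server not found in the configuration container' }
        if ($netlogon -ne 7)  { $issues += "Net Logon check did not succeed for every role ($netlogon)" }
        if (-not $os)         { $issues += 'operating system below the supported minimum' }

        [pscustomobject]@{
            Server       = $name
            Roles        = $roles
            Reachable    = (& $decode $reach)
            Synchronized = (& $decode $sync)
            Netlogon     = (& $decode $netlogon)
            GCCapable    = [bool]$gc
            PDC          = [bool]$pdc
            Issues       = $issues
        }
    }
}

# Constructed sample message (server names and values are illustrative)
$sample = @'
In-site:
dc01.corp.example.test  CDG 1 7 7 1 0 1 1 7 1
dc02.corp.example.test  CDG 1 7 3 1 1 0 1 3 1
Out-of-site:
'@
ConvertFrom-Event2080 -Message $sample | Format-List

# On an Exchange server, feed it the latest logged event (source name as given above):
# Get-WinEvent -FilterHashtable @{ LogName='Application'; ProviderName='MSExchange ADAccess'; Id=2080 } -MaxEvents 1 |
#     ForEach-Object { ConvertFrom-Event2080 -Message $_.Message }
```

For the constructed sample, dc01 reports no issues, while dc02 is flagged for a Synchronized value that differs from Reachability, a missing SACL right, and an incomplete Net Logon check.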

The value of this data comes from knowing if Exchange can properly utilize the Domain Controllers available in your environment, and is therefore able to communicate with Active Directory. Symptoms that would cause you to look at this counter include:

If you discover Domain Controllers that Exchange cannot communicate with or that have the improper settings, chances are that the problem lies with a firewall setting, lack of exclusion from Anti-Virus scanning, some setting overridden by Group Policy, a Deny security entry in Access Control Lists, or other permissions issues with the server.